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CLAIMS : 

What is claimed is: 

iSv A method for processing enveloped data objects in a 
5 datk processing system comprising a display, the method 
comprvising the computer-implemented steps of: 
presenting an enveloped data object; and 
modifying the enveloped data object through 
processing of user actions within a graphical user 
10 interfaceA 

2 . The methW of claim 1 wherein the enveloped data 
object is formatted according to PRCS (Private Key 
Cryptography Staiadard) standards. 

15 \ 

3 . The method of Vlaim 1 wherein the step of presenting 
the enveloped data ornect further comprises: 

obtaining an enveloped data object, wherein the 
enveloped data object comprises a content data object and 
20 at least one content encrVption key objects- 
determining data objeots contained with the 
enveloped data object; \ 

displaying the enveloped\data object, wherein data 
objects contained within the enVeloped data object are 
25 represented by graphical objectsX 

determining logical associatrons between data 
objects contained within the enveloped data object; and 

displaying visual indicators beWeen graphical 
objects, wherein the visual indicators^ represent logical 
30 associations between data objects contained within the 
enveloped data object. \ 
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The method of claim 3 wherein the step of modifying 
th^ enveloped data object further comprises: 

selecting a graphical object representing a data 
objects contained within the enveloped data object; 

displaying data values of the selected data object; 
editing the data values of the selected data object; 
and \ 

saving the' data values of the selected data object 
10 in the enveloped data object. 

5. The method osf claim 4 further comprising: 
identifying aXdata type of the data object 

represented by the selected graphical object, wherein the 
15 selected data object \s a content data object; and 

identifying a default editor for displaying the 
selected data object according to the identified data 
type of the data object represented by the selected 
graphical object. 

20 

6, The method of claim 4 wherein the step of modifying 
the enveloped data object furtl^er comprises: 

selecting a graphical object representing a data 
object contained within the enveloped data object; 
25 receiving a user action on the^ selected graphical 

object representing a deletion request; and 

deleting from the enveloped dat^object the data 
object represented by the selected graphical request. 

\ 

V 

\ 

30 7. The method of claim 6 further comprising: 

determining whether the selected graphical object 

\ 
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^resents a certificate object; 

in response to a determination that the selected 
graplsjical object represents a certificate object: 

determining whether the certificate object is 
logically associated with a different certificate 
obj\ct embedded within the enveloped data object; 
and 

iA. response to a determination that the 
certificate object is logically associated with a 
different certificate object embedded within the 
enveloped data object, removing a visual indicator 
representing \ logical association between the 
certificate object and the different certificate 
object ; 

determining whether the certificate object is 
logically associated with a recipient information 
object; \ 

in response to a determination that the 
certificate object is logically associated with a 
recipient information obj\ect: 

deleting the recipient information object; and 

removing a visual indicator representing a 
logical association between the certificate object 
and the recipient inf ormation^^ject . 

8. The method of claim 5 further comprising: 

determining whether the selected graphical object 

represents a certificate revocation list object; 

in response to a determination thatXthe selected 

graphical object represents a certif icate\revocation list 

object : 
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determining whether the certificate revocation 
list\ object is logically associated with a 
certificate object; and 

in response to a determination that the 
certificate revocation list object is logically 
associated with a certificate object, removing a 
visual indicator representing a logical association 
between the certificate object and the certificate 
revocation Uist object. 



9. The method ofV claim 3 further comprising: 
receiving a usi^r request to send the enveloped data 

object; 

obtaining one orXmore e-mail addresses to which to 
15 send the enveloped data object; and 

in response to a determination that the enveloped 
data object contains a recipient information object, 
sending an e-mail messageXcomprising the enveloped data 
object to the one or more ^-mail addresses. 

20 

10. The method of claim 3 f farther comprising: 
receiving a user request\to export the enveloped 

data object; \ 

obtaining a user-specif iedV f ile name; and 
25 storing the enveloped dataVobject in DER-encoded 

format in the user-specified file. 

11. The method of claim 3 f urther\^comprising : 
receiving a user request to import the enveloped 

30 data object; \ 

obtaining a user-specified file^name; 
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importing the enveloped data object in DER-encoded 
format from the user-specified file; and 

populating the graphical objects representing data 
object cqntained within the enveloped data object. 
5 \ 

12. The method of claim 1 further comprising: 

receiving a user request to add a content data 
object to the ^nveloped data object; 

determiningr whether an encryption key data object is 
10 embedded in the enveloped data object; 

in response od a determination that an encryption 
key data object is r^ot embedded in the enveloped data 
object : 

storing the V:ontent data object within the 
15 enveloped data object; 

displaying a graphical object representing the 
content data object, \wherein the graphical object 
indicates that the content data object is embedded 
within the enveloped data object; 
20 in response to a determination that an encryption 

key data object is embedded inXthe enveloped data object: 
generating an encrypted content data object 
within the enveloped data object, wherein the 
encrypted content data objec^comprises encrypted 
25 content for the content data object, a content type 

identifier for the encrypted content, and an 
encryption algorithm identifier ;\^ 

enabling a decrypt button for decrypting the 
encrypted content data object; and' 
30 displaying a graphical object i^presenting the 

encrypted content data object, wherein the graphical 
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object indicates that the encrypted content data 
object is embedded within the enveloped data object, 



13. The method of claim 12 further comprising: 
5 dragging and dropping a graphical object 

representing the content data object on a graphical 
object representing the enveloped data object. 

14. The methodXof claim 1 further comprising: 

10 receiving aVser request to add a certificate object 

to the enveloped dVta object; 

storing the cerstificate object in the enveloped data 
object; and 

displaying a graphical object representing the 
15 certificate object, wherein the graphical object 

indicates that the certifNlcate object is embedded within 
the enveloped data object. 




15. The method of claim 14 further comprising: 
20 determining whether the certificate object is 

logically associated with a different certificate object 

embedded within the enveloped data object; and 

in response to a determination that the certificate 

object is logically associated with a different 
25 certificate object embedded within the enveloped data 

object, displaying a visual indicatorX representing a 

logical association between the certifi^cate object and 

the different certificate object. 



30 16. The method of claim 14 further comprrsing: 

determining whether an encryption key data object is 
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I 

eirmedded xn the enveloped data object; 

\ in response to a determination that an encryption 
key data object is embedded in the enveloped data object, 
receiving user input requesting generation of a recipient 
information object ; 

generating a recipient information object; 

stoning the recipient information object in the 
enveloped \data object; and 

displaying a graphical object representing the 
recipient irrformation object, wherein the graphical 
object indicaVes that the recipient information object is 
embedded within the enveloped data object; and 

displaying \a visual indicator representing a logical 
association between the recipient information object and 
an associated certificate object. 

17. The method of cMim 14 further comprising: 
dragging and dropbing a graphical object 

representing the certificate object on a graphical object 
representing the enveloped data object. 

18. The method of claim 1 further comprising: 



receiving a user requesa to add a certificate 
revocation list object to the^nveloped data object; 

storing the certificate revocation list object in 
the enveloped data object; and \ 

displaying a graphical objecuy representing the 
certificate revocation list object A wherein the graphical 
object indicates that the certificate revocation list 
object is embedded within the enveloped data object. 
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Ik. The method of claim 18 further comprising: 

\ determining whether the certificate revocation list 
object is logically associated with a certificate object 
embedded within the enveloped data object; and 
5 iA response to a determination that the certificate 

revocatiSpn list object is logically associated with a 
certificate object embedded within the enveloped data 
object, diNsplaying a visual indicator representing a 
logical assG)ciation between the certificate revocation 
10 list object and the certificate object. 

20. The methodXpf claim 18 further comprising: 
dragging andV dropping a graphical object 

representing the certificate revocation list object on a 
15 graphical object representing the enveloped data object. 

21. The method of clao^in 3 further comprising: 
receiving a user reouest to encrypt a content data 

object embedded in the enS/e loped data object; 
20 generating an encryptW content data object within 

the enveloped data object, wiierein the encrypted content 
data object comprises encrypted content for the content 
data object, a content type identifier for the encrypted 
content, and an encryption algorithm identifier; 



displaying a graphical object representing the 
encrypted content data object, wherein the graphical 
object indicates that the encrypted content data object 
30 is embedded within the enveloped data object. 



25 



enabling a decrypt button fq, 
encrypted content data object; an^ 
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\22. The method of claim 3 further comprising: 
receiving a user request to decrypt an encrypted 
content data object embedded in the enveloped data 
obXect ; 

5 \ decrypting the encrypted content data object to a 

content data object embedded in the enveloped data 
ob j ec t\ 

enabling a encrypt button for encrypting the content 
data object; and 
10 displaying a graphical object representing the 

content datk object, wherein the graphical object 
indicates that the content data object is embedded within 
the enveloped data object. 

15 23. The method o^ claim 3 further comprising: 

receiving a us^r request to select an encryption key 
algorithm; \ 

deleting an encryption key embedded in the enveloped 
data object; and \ 
20 removing the encryption key from recipient 

information objects embedded in the enveloped data 
object. \ 

24. A data processing system \Eor processing enveloped 
25 data objects in the data processing system comprising a 
display, the data processing system comprising: 

presenting means for presenting an enveloped data 
object; and \ 

modifying means for modifying the enveloped data 
30 object through processing of user actions within a 
graphical user interface. \ 
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25. The data processing system of claim 24 wherein the 
enveloped data object is formatted according to PKCS 
(Private Key Cryptography Standard) standards. 

5 26. "Ehe data processing system of claim 24 wherein the 
means fipr presenting the enveloped data object further 
comprises 

obtaining means for obtaining an enveloped data 
object, wherein the enveloped data object comprises a 
10 content data^ object and at least one content encryption 
key object; 

first detWmining means for determining data objects 
contained with uhe enveloped data object; 

first displaying means for displaying the enveloped 
15 data object, where\n data objects contained within the 
enveloped data object are represented by graphical 
objects; 

second determining means for determining logical 
associations between daVa objects contained within the 
20 enveloped data object; and 

second displaying means for displaying visual 
indicators between graphical objects, wherein the visual 
indicators represent logicalX associations between data 
objects contained within the enveloped data object. 

25 

27. The data processing system \of claim 26 wherein the 
means for modifying the enveloped data object further 
comprises : \^ 

first selecting means for selecting a graphical 
30 object representing a data object contained within the 
enveloped data object; 



Docket No. AUS990880US1 

\ third displaying means for displaying data values of 
the selected data object; 

^editing means for editing the data values of the 
selecDed data object; and 
5 saving means for saving the data values of the 

selecteoV data object in the enveloped data object. 

28. The data processing means of claim 27 further 
comprising: \ 

10 first identifying means for identifying a data type 

of the data obNect represented by the selected graphical 
object, whereinXthe selected data object is a content 
data object; and\ 

second identifying means for identifying a default 

15 editor for displaying the selected data object according 
to the identified daVa type of the data object 
represented by the selected graphical object. 

29. The data processings system of claim 27 wherein the 
20 means for modifying the enveloped data object further 

comprises: \ 

second selecting meansXfor selecting a graphical 

object representing a data oodect contained within the 

enveloped data object; \ 
25 first receiving means for receiving a user action on 

the selected graphical object representing a deletion 

request; and \ 

first deleting means for deleoing from the enveloped 

data object the data object represerrted by the selected 
30 graphical request. \ 
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TSO. The data processing system of claim 29 further 
(comprising : 

\ third determining means for determining whether the 
sePected graphical object represents a certificate 
5 ob j e)s t ; 

Bourth determining means for determining, in 
responsie to a determination that the selected graphical 
object re^^resents a certificate object, whether the 
certificaue object is logically associated with a 

10 different certificate object embedded within the 
enveloped dat^a objects- 
first removing means for removing, in response to a 
determination tniat the certificate object is logically 
associated with a\different certificate object embedded 

15 within the envelope*^ data object, a visual indicator 
representing a logical association between the 
certificate object anovthe different certificate object; 

fifth determining means for determining whether the 
certificate object is logically associated with a 

20 recipient information objecit; 

second deleting means ror deleting, in response to a 
determination that the certiricate object is logically 
associated with a recipient information object, the 
recipient information object; and 

25 second removing means for r^oving, in response to a 

determination that the certif icateXobject is logically 
associated with a recipient information object, a visual 
indicator representing a logical association between the 
certificate object and the recipient information object. 

30 \ 



31. The data processing system of claim \29 further 
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comprising: 

\ sixth determining means for determining whether the 
selected graphical object represents a certificate 
revocation list object; 
5 seventh determining means for determining, in 

responsei to a determination that the selected graphical 
object r^resents a certificate revocation list object, 
whether the certificate revocation list object is 
logically aWociated with a certificate object; and 

10 third removing means for removing, in response to a 

determination Vhat the certificate revocation list object 
is logically associated with a certificate object, a 
visual indicator \representing a logical association 
between the certipicate object and the certificate 

15 revocation list objWt. 

32. The data processing system of claim 26 further 
comprising: \ 

second receiving means for receiving a user request 
20 to send the enveloped datayobject; 

first obtaining means ^or obtaining one or more 
e-mail addresses to which toXsend the enveloped data 
object; and \ 

first sending means for seeding, in response to a 
25 determination that the envelopes data object contains a 
recipient information object, an\e-mail message 
comprising the enveloped data object to the one or more 
e-mail addresses. \ 

30 33. The data processing system of cTaim 26 further 
comprising: \ 
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\ third receiving means for receiving a user request 
to e:)roort the enveloped data object; 

second obtaining means for obtaining a 
user-spfecif ied file name; and 
5 firkt storing means for storing the enveloped data 

object in NdeR- encoded format in the user-specified file. 

34. The datay processing system of claim 26 further 
comprising: \ 

10 fourth receiving means for receiving a user request 

to import the env^sloped data object; 

third obtaining means for obtaining a user-specified 
file name; \ 

importing means \or importing the enveloped data 
15 object in DER-encoded liormat from the user- specified 
file; and \ 

populating means for\ populating the graphical 
objects representing data csbject contained within the 
enveloped data object. \ 
20 \ 

35. The data processing system of claim 24 further 
comprising: \ 

fifth receiving means for receiving a user request 
to add a content data object to thk enveloped data 
25 object; \ 

eighth determining means for deC^rmining whether an 
encryption key data object is embeddedv in the enveloped 
data object; \ 

second storing means for storing, in response to a 
30 determination that an encryption key dataVobject is not 
embedded in the enveloped data object, theVontent data 
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object within the enveloped data object; 

\ fourth displaying means for displaying, in response 
to determination that an encryption key data object is 
not embedded in the enveloped data object, a graphical 
5 objects representing the content data object, wherein the 
graphica.1 object indicates that the content data object 
is embedded within the enveloped data object; 

f irstXgenerating means for generating, in response 
to a determmation that an encryption key data object is 

10 embedded in tl^e enveloped data object, an encrypted 
content data ob^iect within the enveloped data object, 
wherein the encrypted content data object comprises 
encrypted content Vor the content data object, a content 
type identifier forXthe encrypted content, and an 

15 encryption algorithm Vdentifier; 

first enabling mearis for enabling, in response to a 
determination that an eircryption key data object is 
embedded in the envelopedXdata object, a decrypt button 
for decrypting the encrypted content data object; and 

20 fifth displaying means ^or displaying, in response 

to a determination that an enmryption key data object is 
embedded in the enveloped data\Dbject, a graphical object 
representing the encrypted conteiat data object, wherein 
the graphical object indicates that the encrypted content 

25 data object is embedded within the enveloped data object. 

36. The data processing system of cladm 35 further 
comprising: \ 

first dragging and dropping means for dragging and 
30 dropping a graphical object representing the content data 
object on a graphical object representing the enveloped 
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\ data object. 

iV. The data processing system of claim 24 further 
coitorising: 

5 \ sixth receiving means for receiving a user request 

to ada. a certificate object to the enveloped data object; 

tlrird storing means for storing the certificate 
object iri the enveloped data object; and 

sixtnydisplaying means for displaying a graphical 
10 object reprWenting the certificate object, wherein the 
graphical ob^vect indicates that the certificate object is 
embedded withiV the enveloped data object. 

38. The data processing system of claim 37 further 
15 comprising: \ 

ninth determinYng means for determining whether the 
certificate object ik logically associated with a 
different certif icate V)bject embedded within the 
enveloped data object; and 

20 seventh displaying means for displaying, in response 

to a determination that the certificate object is 
logically associated with A different certificate object 
embedded within the enveloped data object, a visual 
indicator representing a logiWl association between the 

25 certificate object and the different certificate object, 

39. The data processing system o^f claim 37 further 
comprising: \ 

tenth determining means for determining whether an 
30 encryption key data object is embedded in the enveloped 
data object; \ 
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.receiving means for receiving, in response to a 
determination that an encryption key data object is 
embedded in the enveloped data object, user input 
requesting generation of a recipient information object; 
5 second generating means for generating the recipient 

informatiofi object; 

third Nstoring means for storing the recipient 
information Object in the enveloped data object; and 

eighth displaying means for displaying a graphical 
10 object representing the recipient information object, 

wherein the graphical object indicates that the recipient 
information objec^ is embedded within the enveloped data 
object; and 

ninth displaying means for displaying a visual 
15 indicator representing a logical association between the 
recipient inf ormation\object and an associated 
certificate object, 

40. The data processing ^^ystem of claim 37 further 
20 comprising: 

second dragging and dropping means for dragging and 
dropping a graphical object representing the certificate 
object on a graphical object 3^;epresenting the enveloped 
data object. 

25 

41. The data processing system 6f claim 24 further 
comprising: \ 

seventh receiving means for receiving a user request 
to add a certificate revocation listXobject to the 
30 enveloped data object; \ 

third storing means for storing tne certificate 
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revocation list object in the enveloped data object; and 

\ tenth displaying means for displaying a graphical 
object representing the certificate revocation list 
objecst, wherein the graphical object indicates that the 
5 certificate revocation list object is embedded within the 
envelopW data object. 

42. The o^ta processing system of claim 41 further 
comprising ; 

10 eleventBv determining means for determining whether 

the certificates revocation list object is logically 
associated with\a certificate object embedded within the 
enveloped data object; and 

eleventh displaying means for displaying, in 

15 response to a determination that the certificate 

revocation list objecV is logically associated with a 
certificate object embedded within the enveloped data 
object, a visual indicatior representing a logical 
association between the certificate revocation list 

20 object and the certificate xDbject . 

43. The data processing system of claim 41 further 
comprising; 

third dragging and dropping \me an s for dragging and 
25 dropping a graphical object representing the certificate 
revocation list object on a graphical object representing 
the enveloped data object. 

44. The data processing system of claim 26 further 
30 comprising: \ 

eighth receiving means for receiving a user request 
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:o encrypt a content data object embedded in the 
^veloped data object; 

third generating means for generating an encrypted 
con^sent data object within the enveloped data object, 
5 wherein the encrypted content data object comprises 

encrypted content for the content data object, a content 
type identifier for the encrypted content, and an 
encryption algorithm identifier; 

second enabling means for enabling a decrypt button 
10 for decrypting the encrypted content data object; and 

twelf th\displaying means for displaying a graphical 
object representing the encrypted content data object, 
wherein the graphical object indicates that the encrypted 
content data obj)^ct is embedded within the enveloped data 
15 object. 

45. The data processing system of claim 26 further 
comprising: 

ninth receiving means for receiving a user request 
20 to decrypt an encrypted content data object embedded in 
the enveloped data object, 

decrypting means for decrypting the encrypted 
content data object to a contsent data object embedded in 
the enveloped data object; \^ 
25 third enabling means for enabling a encrypt button 

for encrypting the content data Object; and 

thirteenth displaying means fo^ displaying a 
graphical object representing the content data object, 
wherein the graphical object indicates that the content 
30 data object is embedded within the enveloped data object. 

\ 

46. The data processing system of claim 26 further 
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\ comprising: 

\ tenth receiving means for receiving a user request 

CO select an encryption key algorithm; 

\ third deleting means for deleting an encryption key 
5 embedded in the enveloped data object; and 

Bourth removing means for removing the encryption 
key froin recipient information objects embedded in the 
enveloped^ data object . 

10 47. A compijter program product in a computer-readable 

medium for use. in a data processing system for processing 
enveloped data (objects , the computer program product 
comprising: \ 

first instrucVions for presenting an enveloped data 
15 object; and \ 

second instructicms for modifying the enveloped data 
object through processitig of user actions within a 
graphical user interface\ 

20 48. The computer program product of claim 47 wherein the 
enveloped data object is formatted according to PKCS 
(Private Key Cryptography Standard) standards. 



49. The computer program productNpf claim 47 wherein the 
25 instructions for presenting the enveloped data object 

further comprise: \ 

instructions for obtaining an env^eloped data object, 

wherein the enveloped data object comprVses a content 

data object and at least one content enc3s;yption key 
30 , object; 

instructions for determining data obje\:ts contained 
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w\th the enveloped data objects- 
instructions for displaying the enveloped data 
objec^, wherein data objects contained within the 
enveloped data object are represented by graphical 
5 objects; 

instimctions for determining logical associations 
between dac^ objects contained within the enveloped data 
object; and 

instructions for displaying visual indicators 
10 between graphic)al objects, wherein the visual indicators 
represent logicaA associations between data objects 
contained within tiie enveloped data object. 

50. The computer program product of claim 49 wherein the 
15 instructions for modifying the enveloped data object 
further comprise: 

instructions for selecting a graphical object 
representing a data object Contained within the enveloped 
data object; \^ 
20 instructions for displaymg data values of the 

selected data object; \^ 

instructions for editing the data values of the 
selected data object; and \ 

instructions for saving the data values of the 
25 selected data object in the enveloped data object. 



